Sunday, May 4, 2014

Notes on CVE-2014-2851 - Linux group_info use-after-free

I spent some more time looking at the ping_init_sock group_info usage refcounter overflow I wrote about in a previous post. I uploaded the code I used for this research to GitHub.

The code makes it possible to check whether the usage refcounter has reached zero and the group_info struct has been freed. I have written a more elaborate explanation in the README.
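To make the refcount arithmetic behind the bug concrete, here is an added user-space model. It is not the code from the post's GitHub repository and does not touch the kernel. It assumes the 3.x kernel semantics of the affected code: the usage field of struct group_info is a 32-bit atomic_t, get_group_info() increments it, put_group_info() decrements it and frees the struct when the result is zero, and ping_init_sock() took a reference through get_current_groups() without a matching put_group_info() (the fix added that put). The holder counts, the leak counts and the bulk-addition shortcut that stands in for billions of socket() calls are constructed for the example.

```c
/* Added example: user-space model of the group_info refcount leak behind
 * CVE-2014-2851. Assumed kernel semantics (Linux 3.x): struct group_info
 * has a 32-bit atomic_t "usage"; get_group_info() increments it;
 * put_group_info() decrements it and frees the struct when the result is
 * zero; ping_init_sock() called get_current_groups() (a get) with no put. */
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

struct group_info_model {
    uint32_t usage;   /* stands in for atomic_t usage: wraps modulo 2^32 */
    bool freed;       /* set when put_group_info() would call groups_free() */
};

/* get_group_info(): atomic_inc(&gi->usage) */
static void get_group_info(struct group_info_model *gi)
{
    gi->usage++;      /* uint32_t wraps exactly like the 32-bit atomic_t */
}

/* put_group_info(): if (atomic_dec_and_test(&gi->usage)) groups_free(gi) */
static bool put_group_info(struct group_info_model *gi)
{
    if (--gi->usage == 0) {
        gi->freed = true;
        return true;
    }
    return false;
}

/* One ping socket creation as modelled here: the get done by
 * get_current_groups() in ping_init_sock(), with no matching put. */
static void ping_init_sock_leak(struct group_info_model *gi)
{
    get_group_info(gi);
}

/* Apply n leaked references. The kernel reaches this state one socket()
 * call at a time; to keep the example fast the bulk is added in one
 * wrapping addition and only the tail is looped. The end state is the
 * same because both wrap modulo 2^32. */
static void leak_references(struct group_info_model *gi, uint64_t n)
{
    uint64_t tail = n % 1024;
    gi->usage += (uint32_t)(n - tail);
    for (uint64_t i = 0; i < tail; i++)
        ping_init_sock_leak(gi);
}

/* Number of leaked gets after which the next legitimate put frees the
 * struct: the counter must wrap from `holders` all the way round to 1.
 * Wrapping to exactly 0 is not enough; a put from 0 lands on 0xFFFFFFFF. */
uint64_t leaks_until_free(uint32_t holders)
{
    return (1ull << 32) - holders + 1;
}

/* `holders` legitimate references (constructed: creds sharing one
 * group_info), `leaks` leaked references, then one legitimate holder drops
 * its reference. Returns true when the struct is freed while other
 * legitimate holders still point at it, i.e. the use-after-free. */
bool drop_one_holder_after_leaks(uint32_t holders, uint64_t leaks)
{
    struct group_info_model gi = { .usage = 0, .freed = false };
    for (uint32_t i = 0; i < holders; i++)
        get_group_info(&gi);
    leak_references(&gi, leaks);
    bool freed_now = put_group_info(&gi);
    return freed_now && holders > 1;
}

int main(void)
{
    uint32_t holders = 3;  /* constructed value */
    uint64_t n = leaks_until_free(holders);
    printf("%u holders: after %" PRIu64 " leaked refs, one put -> %s\n",
           holders, n,
           drop_one_holder_after_leaks(holders, n) ? "freed (UAF)" : "still live");
    printf("%u holders: after %" PRIu64 " leaked refs, one put -> %s\n",
           holders, n - 1,
           drop_one_holder_after_leaks(holders, n - 1) ? "freed (UAF)" : "still live");
    return 0;
}
```

The point the model makes is that the dangerous state is not the counter reading zero but the counter reading one with more than one real holder: the next ordinary put_group_info(), for instance from a process exiting, frees the struct and every other holder keeps a dangling pointer. Because the leak is one reference per ping socket, a checker like the one in the post has to track where the counter is relative to that wrap, not just whether it is zero.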

I hope to find more time to investigate this issue and update the code in the coming days.